package org.llc.oauthclient.controller;

import org.llc.oauthclient.client.HelloClient;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.annotation.security.RolesAllowed;

/**
 * 测试控制器
 *
 * @author llc
 * @date 2020/1/9 12:11
 * @since 1.0.0
 */
@RestController
public class HelloController {

    /**
     * 测试Service
     */
    private final HelloClient helloClient;

    public HelloController(HelloClient helloClient) {
        this.helloClient = helloClient;
    }

    /**
     * 受保护的资源
     */
    @GetMapping("/user/save")
    public String save() {
        return "save";
    }

    /**
     * 受保护的资源
     */
    @GetMapping("/user/gets")
    public String gets() {
        return helloClient.get();
    }

    /**
     * 不受保护的资源
     */
    @GetMapping("/save/no")
    public String noSave() {
        return "no save";
    }

    /**
     * 只有角色ONE才能访问
     *
     * @return java.lang.String
     * @author llc
     * @date 2020/1/19 12:52
     */
    @Secured("ROLE_SECURITY_ADMIN")
    @GetMapping("/one")
    public String one() {
        return "one";
    }

    /**
     * 只有角色TWO才能访问
     *
     * @return java.lang.String
     * @author llc
     * @date 2020/1/19 12:52
     */
    @PreAuthorize("hasRole('ROLE_SECURITY_TOURIST')")
    @GetMapping("/two")
    public String two() {
        return "two";
    }

    /**
     * 只有角色THREE才能访问
     *
     * @return java.lang.String
     * @author llc
     * @date 2020/1/19 12:52
     */
    @RolesAllowed("ROLE_SECURITY_USER")
    @GetMapping("/three")
    public String three() {
        return "three";
    }
}

